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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 03 January 2007 . 
2a)M This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-39 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-39 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) □ Notice of References Cited (PTO-892) 4) O Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) Q Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 20070312 



Application/Control Number: 10/630,283 Page 2 

Art Unit: 2135 

DETAILED ACTION 

1. This office action is in reply to an amendment filed on January 03, 2007. Claims 29-39 have 
been amended. Claims 1-39 are pending. 

Response to Arguments 

2. Applicant's arguments filed January 03, 2007 have been fully considered but they are 
not persuasive. Applicant argued that the art on record (Levergood et al., US 5,708,780) fails to 
teach associating the security value with a set of commands of the distributed application, 
receiving one of the set of commands on the server from the authenticated user and checking 
the one command for the security value and further Levergood's SID is not used to control the 
execution of commands as in the present invention. Examiner disagrees. 

3. It is understood by the examiner in view of the specification that the phrase 'a set of 
commands' or 'a set of uniform resource locators (URLs) corresponding to a set of commands' 
is equivalent to a URL link or a URL input in which a user can issue a get or post 
command/request by clicking the link or inputting in a URL box [see for example present 
specification pages 11-12, paragraph 0027]. In this case, Levergood teaches a method of 
protecting a distributed application, including associating a security value (SID) with a set of 
commands or a set of uniform resource locators (URLs) corresponding to a set of commands 
(i.e., URLs that are associated with a get or post request/command wherein a session ID is 
attached with the URL that is issued by the command) [see at least column 5, lines 42-column 
6, lines 7, lines and lines 14-31]. Levergood further teaches receiving the command (i.e., set of 
URLs issued by a get command) on a server from an authenticated user and checking the one 
command (i.e., checking the URL issued by a get command ) for the security value (i.e., SID) 
[column 5, lines 41-49, 64-column 6 line 4 and column 7, lines 14-31 and column 7, lines 35-47]. 
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4. In response to applicant's argument that the references fail to show certain features of 
applicant's invention, it is noted that the features upon which applicant relies (i.e., control the 
execution of commands are not recited in the rejected claim(s). Although the claims are 
interpreted in light of the specification, limitations from the specification are not read into the 
claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). In this case, 
'protecting a distributed application' as recited in the claim is equivalent to 'providing access to a 
control page' as taught by Levergood. The art on record meets the claim limitations and 
therefore the rejection is respectfully maintained. 



Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

6. Claims 1-39 are rejected under 35 U.S.C. 102(b) as being anticipated by Levergood et 
al. US 5,708,780 (hereinafter Levergood). 

7. As per claims 1,3,8-11, 18, 20, 24, 26-29, 31 and 35, Levergood teaches A method for 
protecting a distributed application user, comprising: 

providing a distributed application on a server (i.e., web-pages on a server) [column 5, 
lines 17-41]; 

authenticating a user of the distributed application [column 5, lines 41-50 and column 6, 
lines 27-50]; 
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determining, on the server, a security value for the authenticated user (i.e., SID is 
generated for an authenticated user) [column 5, lines 41-64 and column 6, lines 53-column 7, 
line 13]; 

associating the security value with a set of uniform resource locators (URLs) 
corresponding to a set of commands of the distributed application [column 5, line 49-column 6, 
line 4 and column 7, lines 14-31]; 

communicating the security value to a client operated by the authenticated user [column 

5, line 49-column 6, line 4 and column 7, lines 14-31]; 

receiving one of the set of URLs on the server from the client [column 5, line 64-column 

6, line 16 and column 7, lines 14-21]; and 

checking the one URL for the security value (i.e., check if SID is attached to the URL) 
[column 5, lines 41-49 and column 6, line 65-column 6, lines 26 and column 7, lines 35-47]. 

8. As per claims 2, 12, 19 and 30, Levergood further teaches the method further 
comprising returning an error message to the user if the security value is not found with the one 
command (i.e., if not SID is detected with the URL, redirecting it back to the client, column 5, 
lines 46-50 and column 7, lines 41-49). 

9. As per claims 4, 21 and 32, Levergood further teaches the method wherein the security 
value is a pseudo-random number (i.e., session identifier including user identifier, column 3, 
lines 34-41). 

10. As per claims 5, 17, 22 and 33, Levergood further teaches the method further 
comprising storing the security value on the server [column 6, lines 5-23]. 
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11. As per claims 6, 1 3, 23 and 34, Levergood further teaches the method further 
comprising: associating the security value with session information corresponding to the 
authenticated user, and communicating the session information and the security value to the 
authenticated user [column 6, lines 5-23 and column 7, lines 14-21]. 

12. As per claims 7, 25 and 36, Levergood further teaches the method wherein the 
authenticated user operates a client that communicates with the server [column 6, lines 22-26]. 

13. As per claims 14 and 37, Levergood further teaches the method wherein the associating 
step comprises appending the security value to a set of URLs corresponding to a set of 
commands of the distributed application [column 5, line 49-column 6, line 4 and column 7, lines 
14-31]. 

14. As per claims 15 and 38, Levergood further teaches the method wherein the one URL is 
pre-constructed on the server, and wherein client receives the one URL and the associated 
security value from the server [column 7, lines 14-33]. 

15. As per claims 16 and 39, Levergood further teaches the method wherein the one URL is 
constructed on the client, and wherein the associating step comprises, extracting the security 
value on the client, and appending the security value to the one URL [column 5, lines52-65]. 



Conclusion 
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THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy 
as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing date 
of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Beemnet W. Dada whose telephone number is (571) 272-3847. The 
examiner can normally be reached on Monday - Friday (9:00 am - 5:30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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